Fake Pudgy Penguins phishing page 'plays dead' to avoid detection

If you haven't followed NFTs or Web3, you might not know Pudgy Penguins. The NFT brand has made its way onto Walmart shelves and launched a game this month, which has already been hit by a pretty nasty phishing scam. Malwarebytes found the phishing site abuses the fact that the web browser game Pudgy World connects to users' crypto wallets to verify digital items.

"For every browser extension wallet on the list, the phishing site renders an unlock screen built to match the real extension’s own visual identity, with the correct logo, colour scheme, button layout, and wording." The tricks continue: Malwarebytes describes a "page that plays dead for researchers" by testing hardware, checking if it's run in a virtual machine, and looking for automated tools.

Effectively, the malicious element of the attack simply doesn't load if it suspects researchers are accessing it.

pudgy penguins, pudgy world, malwarebytes, phishing site, phishing scam, crypto wallets, browser game, browser extension, web3, nfts